Commit 59d62726 authored by Dan Winship's avatar Dan Winship

Add initial TLS (SSL) support to gio

This adds an extension point for TLS connections to gio, with a
gnutls-based implementation in glib-networking.

Full TLS support is still a work in progress; the current API is
missing some features, and parts of it may still be changed before
2.28.

https://bugzilla.gnome.org/show_bug.cgi?id=588189
parent a1690339
......@@ -125,6 +125,15 @@
<xi:include href="xml/gsocketservice.xml"/>
<xi:include href="xml/gthreadedsocketservice.xml"/>
</chapter>
<chapter id="tls">
<title>TLS (SSL) support</title>
<xi:include href="xml/gtls.xml"/>
<xi:include href="xml/gtlscertificate.xml"/>
<xi:include href="xml/gtlsconnection.xml"/>
<xi:include href="xml/gtlsclientconnection.xml"/>
<xi:include href="xml/gtlsserverconnection.xml"/>
<xi:include href="xml/gtlsbackend.xml"/>
</chapter>
<chapter id="resolver">
<title>DNS resolution</title>
<xi:include href="xml/gresolver.xml"/>
......
......@@ -1798,13 +1798,17 @@ g_socket_client_set_local_address
g_socket_client_set_protocol
g_socket_client_set_socket_type
g_socket_client_set_timeout
g_socket_client_set_enable_proxy
g_socket_client_set_tls
g_socket_client_set_tls_validation_flags
g_socket_client_get_family
g_socket_client_get_local_address
g_socket_client_get_protocol
g_socket_client_get_socket_type
g_socket_client_get_timeout
g_socket_client_get_enable_proxy
g_socket_client_set_enable_proxy
g_socket_client_get_tls
g_socket_client_get_tls_validation_flags
<SUBSECTION Standard>
GSocketClientClass
G_IS_SOCKET_CLIENT
......@@ -2994,3 +2998,126 @@ G_TYPE_POLLABLE_OUTPUT_STREAM
<SUBSECTION Private>
g_pollable_output_stream_get_type
</SECTION>
<SECTION>
<FILE>gtls</FILE>
G_TLS_ERROR
GTlsError
<SUBSECTION>
GTlsAuthenticationMode
GTlsCertificateFlags
</SECTION>
<SECTION>
<FILE>gtlsbackend</FILE>
<TITLE>GTlsBackend</FILE>
G_TLS_BACKEND_EXTENSION_POINT_NAME
GTlsBackend
GTlsBackendInterface
g_tls_backend_get_default
g_tls_backend_supports_tls
g_tls_backend_get_certificate_type
g_tls_backend_get_client_connection_type
g_tls_backend_get_server_connection_type
<SUBSECTION Standard>
G_IS_TLS_BACKEND
G_TLS_BACKEND
G_TLS_BACKEND_GET_INTERFACE
G_TYPE_TLS_BACKEND
g_tls_error_quark
<SUBSECTION Private>
g_tls_backend_get_type
</SECTION>
<SECTION>
<FILE>gtlscertificate</FILE>
<TITLE>GTlsCertificate</TITLE>
GTlsCertificate
g_tls_certificate_new
g_tls_certificate_new_from_pem
g_tls_certificate_new_from_file
g_tls_certificate_new_from_files
g_tls_certificate_list_new_from_file
g_tls_certificate_get_issuer
<SUBSECTION Standard>
GTlsCertificateClass
GTlsCertificatePrivate
G_IS_TLS_CERTIFICATE
G_IS_TLS_CERTIFICATE_CLASS
G_TLS_CERTIFICATE
G_TLS_CERTIFICATE_CLASS
G_TLS_CERTIFICATE_GET_CLASS
G_TYPE_TLS_CERTIFICATE
<SUBSECTION Private>
g_tls_certificate_get_type
</SECTION>
<SECTION>
<FILE>gtlsconnection</FILE>
<TITLE>GTlsConnection</TITLE>
GTlsConnection
g_tls_connection_set_certificate
g_tls_connection_get_certificate
g_tls_connection_get_peer_certificate
g_tls_connection_set_require_close_notify
g_tls_connection_get_require_close_notify
GTlsRehandshakeMode
g_tls_connection_set_rehandshake_mode
g_tls_connection_get_rehandshake_mode
<SUBSECTION>
g_tls_connection_handshake
g_tls_connection_handshake_async
g_tls_connection_handshake_finish
<SUBSECTION>
g_tls_connection_set_peer_certificate
g_tls_connection_emit_accept_certificate
g_tls_connection_emit_need_certificate
<SUBSECTION Standard>
GTlsConnectionClass
GTlsConnectionPrivate
G_IS_TLS_CONNECTION
G_IS_TLS_CONNECTION_CLASS
G_TLS_CONNECTION
G_TLS_CONNECTION_CLASS
G_TLS_CONNECTION_GET_CLASS
G_TYPE_TLS_CONNECTION
<SUBSECTION Private>
g_tls_connection_get_type
</SECTION>
<SECTION>
<FILE>gtlsclientconnection</FILE>
<TITLE>GTlsClientConnection</TITLE>
GTlsClientConnection
GTlsClientConnectionInterface
g_tls_client_connection_new
g_tls_client_connection_set_server_identity
g_tls_client_connection_get_server_identity
g_tls_client_connection_set_validation_flags
g_tls_client_connection_get_validation_flags
g_tls_client_connection_set_use_ssl3
g_tls_client_connection_get_use_ssl3
g_tls_client_connection_get_accepted_cas
<SUBSECTION Standard>
G_IS_TLS_CLIENT_CONNECTION
G_TLS_CLIENT_CONNECTION
G_TLS_CLIENT_CONNECTION_GET_INTERFACE
G_TYPE_TLS_CLIENT_CONNECTION
<SUBSECTION Private>
g_tls_client_connection_get_type
</SECTION>
<SECTION>
<FILE>gtlsserverconnection</FILE>
<TITLE>GTlsServerConnection</TITLE>
GTlsServerConnection
GTlsServerConnectionInterface
g_tls_server_connection_new
<SUBSECTION Standard>
G_IS_TLS_SERVER_CONNECTION
G_TLS_SERVER_CONNECTION
G_TLS_SERVER_CONNECTION_GET_INTERFACE
G_TYPE_TLS_SERVER_CONNECTION
<SUBSECTION Private>
g_tls_server_connection_get_type
</SECTION>
......@@ -108,6 +108,11 @@ g_tcp_connection_get_type
g_tcp_wrapper_connection_get_type
g_themed_icon_get_type
g_threaded_socket_service_get_type
g_tls_backend_get_type
g_tls_certificate_get_type
g_tls_client_connection_get_type
g_tls_connection_get_type
g_tls_server_connection_get_type
g_unix_connection_get_type
g_unix_fd_list_get_type
g_unix_fd_message_get_type
......
......@@ -202,7 +202,6 @@ platform_libadd += win32/libgiowin32.la
platform_deps += win32/libgiowin32.la
endif
SUBDIRS += .
if HAVE_FAM
......@@ -307,6 +306,8 @@ libgio_2_0_la_SOURCES = \
gdummyfile.c \
gdummyproxyresolver.c \
gdummyproxyresolver.h \
gdummytlsbackend.c \
gdummytlsbackend.h \
gemblem.h \
gemblem.c \
gemblemedicon.h \
......@@ -381,6 +382,11 @@ libgio_2_0_la_SOURCES = \
gthemedicon.c \
gthreadedresolver.c \
gthreadedresolver.h \
gtlsbackend.c \
gtlscertificate.c \
gtlsclientconnection.c \
gtlsconnection.c \
gtlsserverconnection.c \
gunionvolumemonitor.c \
gunionvolumemonitor.h \
gvfs.c \
......@@ -530,6 +536,11 @@ gio_headers = \
gtcpwrapperconnection.h \
gthreadedsocketservice.h\
gthemedicon.h \
gtlsbackend.h \
gtlscertificate.h \
gtlsclientconnection.h \
gtlsconnection.h \
gtlsserverconnection.h \
gvfs.h \
gvolume.h \
gvolumemonitor.h \
......
/* GIO - GLib Input, Output and Streaming Library
*
* Copyright (C) 2010 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General
* Public License along with this library; if not, write to the
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
* Boston, MA 02111-1307, USA.
*/
#include "config.h"
#include "gdummytlsbackend.h"
#include <glib.h>
#include "gasyncresult.h"
#include "gcancellable.h"
#include "ginitable.h"
#include "gtlsbackend.h"
#include "gtlscertificate.h"
#include "gtlsclientconnection.h"
#include "gtlsserverconnection.h"
#include "gsimpleasyncresult.h"
#include "giomodule.h"
#include "giomodule-priv.h"
#include "glibintl.h"
static GType _g_dummy_tls_certificate_get_type (void);
static GType _g_dummy_tls_connection_get_type (void);
struct _GDummyTlsBackend {
GObject parent_instance;
};
static void g_dummy_tls_backend_iface_init (GTlsBackendInterface *iface);
#define g_dummy_tls_backend_get_type _g_dummy_tls_backend_get_type
G_DEFINE_TYPE_WITH_CODE (GDummyTlsBackend, g_dummy_tls_backend, G_TYPE_OBJECT,
G_IMPLEMENT_INTERFACE (G_TYPE_TLS_BACKEND,
g_dummy_tls_backend_iface_init)
_g_io_modules_ensure_extension_points_registered ();
g_io_extension_point_implement (G_TLS_BACKEND_EXTENSION_POINT_NAME,
g_define_type_id,
"dummy",
-100))
static void
g_dummy_tls_backend_init (GDummyTlsBackend *backend)
{
}
static void
g_dummy_tls_backend_class_init (GDummyTlsBackendClass *backend_class)
{
}
static void
g_dummy_tls_backend_iface_init (GTlsBackendInterface *iface)
{
iface->get_certificate_type = _g_dummy_tls_certificate_get_type;
iface->get_client_connection_type = _g_dummy_tls_connection_get_type;
iface->get_server_connection_type = _g_dummy_tls_connection_get_type;
}
/* Dummy certificate type */
typedef struct _GDummyTlsCertificate GDummyTlsCertificate;
typedef struct _GDummyTlsCertificateClass GDummyTlsCertificateClass;
struct _GDummyTlsCertificate {
GTlsCertificate parent_instance;
};
struct _GDummyTlsCertificateClass {
GTlsCertificateClass parent_class;
};
enum
{
PROP_CERTIFICATE_0,
PROP_CERTIFICATE,
PROP_CERTIFICATE_PEM,
PROP_PRIVATE_KEY,
PROP_PRIVATE_KEY_PEM
};
static void g_dummy_tls_certificate_initable_iface_init (GInitableIface *iface);
#define g_dummy_tls_certificate_get_type _g_dummy_tls_certificate_get_type
G_DEFINE_TYPE_WITH_CODE (GDummyTlsCertificate, g_dummy_tls_certificate, G_TYPE_TLS_CERTIFICATE,
G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
g_dummy_tls_certificate_initable_iface_init);)
static void
g_dummy_tls_certificate_get_property (GObject *object,
guint prop_id,
GValue *value,
GParamSpec *pspec)
{
/* We need to define this method to make GObject happy, but it will
* never be possible to construct a working GDummyTlsCertificate, so
* it doesn't have to do anything useful.
*/
}
static void
g_dummy_tls_certificate_set_property (GObject *object,
guint prop_id,
const GValue *value,
GParamSpec *pspec)
{
/* Just ignore all attempts to set properties. */
}
static void
g_dummy_tls_certificate_class_init (GDummyTlsCertificateClass *certificate_class)
{
GObjectClass *gobject_class = G_OBJECT_CLASS (certificate_class);
gobject_class->get_property = g_dummy_tls_certificate_get_property;
gobject_class->set_property = g_dummy_tls_certificate_set_property;
g_object_class_override_property (gobject_class, PROP_CERTIFICATE, "certificate");
g_object_class_override_property (gobject_class, PROP_CERTIFICATE_PEM, "certificate-pem");
g_object_class_override_property (gobject_class, PROP_PRIVATE_KEY, "private-key");
g_object_class_override_property (gobject_class, PROP_PRIVATE_KEY_PEM, "private-key-pem");
}
static void
g_dummy_tls_certificate_init (GDummyTlsCertificate *certificate)
{
}
static gboolean
g_dummy_tls_certificate_initable_init (GInitable *initable,
GCancellable *cancellable,
GError **error)
{
g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
_("TLS support is not available"));
return FALSE;
}
static void
g_dummy_tls_certificate_initable_iface_init (GInitableIface *iface)
{
iface->init = g_dummy_tls_certificate_initable_init;
}
/* Dummy connection type; since GTlsClientConnection and
* GTlsServerConnection are just interfaces, we can implement them
* both on a single object.
*/
typedef struct _GDummyTlsConnection GDummyTlsConnection;
typedef struct _GDummyTlsConnectionClass GDummyTlsConnectionClass;
struct _GDummyTlsConnection {
GTlsConnection parent_instance;
};
struct _GDummyTlsConnectionClass {
GTlsConnectionClass parent_class;
};
enum
{
PROP_CONNECTION_0,
PROP_BASE_IO_STREAM,
PROP_REQUIRE_CLOSE_NOTIFY,
PROP_REHANDSHAKE_MODE,
PROP_VALIDATION_FLAGS,
PROP_SERVER_IDENTITY,
PROP_USE_SSL3,
PROP_ACCEPTED_CAS,
PROP_AUTHENTICATION_MODE
};
static void g_dummy_tls_connection_initable_iface_init (GInitableIface *iface);
#define g_dummy_tls_connection_get_type _g_dummy_tls_connection_get_type
G_DEFINE_TYPE_WITH_CODE (GDummyTlsConnection, g_dummy_tls_connection, G_TYPE_TLS_CONNECTION,
G_IMPLEMENT_INTERFACE (G_TYPE_TLS_CLIENT_CONNECTION, NULL);
G_IMPLEMENT_INTERFACE (G_TYPE_TLS_SERVER_CONNECTION, NULL);
G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
g_dummy_tls_connection_initable_iface_init);)
static void
g_dummy_tls_connection_get_property (GObject *object,
guint prop_id,
GValue *value,
GParamSpec *pspec)
{
}
static void
g_dummy_tls_connection_set_property (GObject *object,
guint prop_id,
const GValue *value,
GParamSpec *pspec)
{
}
static gboolean
g_dummy_tls_connection_close (GIOStream *stream,
GCancellable *cancellable,
GError **error)
{
return TRUE;
}
static void
g_dummy_tls_connection_class_init (GDummyTlsConnectionClass *connection_class)
{
GObjectClass *gobject_class = G_OBJECT_CLASS (connection_class);
GIOStreamClass *io_stream_class = G_IO_STREAM_CLASS (connection_class);
gobject_class->get_property = g_dummy_tls_connection_get_property;
gobject_class->set_property = g_dummy_tls_connection_set_property;
/* Need to override this because when initable_init fails it will
* dispose the connection, which will close it, which would
* otherwise try to close its input/output streams, which don't
* exist.
*/
io_stream_class->close_fn = g_dummy_tls_connection_close;
g_object_class_override_property (gobject_class, PROP_BASE_IO_STREAM, "base-io-stream");
g_object_class_override_property (gobject_class, PROP_REQUIRE_CLOSE_NOTIFY, "require-close-notify");
g_object_class_override_property (gobject_class, PROP_REHANDSHAKE_MODE, "rehandshake-mode");
g_object_class_override_property (gobject_class, PROP_VALIDATION_FLAGS, "validation-flags");
g_object_class_override_property (gobject_class, PROP_SERVER_IDENTITY, "server-identity");
g_object_class_override_property (gobject_class, PROP_USE_SSL3, "use-ssl3");
g_object_class_override_property (gobject_class, PROP_ACCEPTED_CAS, "accepted-cas");
g_object_class_override_property (gobject_class, PROP_AUTHENTICATION_MODE, "authentication-mode");
}
static void
g_dummy_tls_connection_init (GDummyTlsConnection *connection)
{
}
static gboolean
g_dummy_tls_connection_initable_init (GInitable *initable,
GCancellable *cancellable,
GError **error)
{
g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
_("TLS support is not available"));
return FALSE;
}
static void
g_dummy_tls_connection_initable_iface_init (GInitableIface *iface)
{
iface->init = g_dummy_tls_connection_initable_init;
}
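Review bot: Both `g_dummy_tls_certificate_initable_init` and `g_dummy_tls_connection_initable_init` report the missing backend as `G_TLS_ERROR_MISC`, so a caller can tell "no TLS backend is installed" apart from any other miscellaneous TLS failure only by matching the translated message. A dedicated code in `GTlsError` (for example `G_TLS_ERROR_UNAVAILABLE`, which would have to be added to the enum) would let applications handle this case explicitly: `g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_UNAVAILABLE, _("TLS support is not available"));`. The refusal also lives only in the GInitable `init` hook, so it covers only objects constructed through GInitable; whether every constructor takes that path is not visible in this file, and a comment on the connection's `init` would record the dependency, such as `/* Always fail: this is the only thing that stops a dummy connection from being handed to a caller as if it were TLS. */`. The empty `g_dummy_tls_connection_get_property` and `g_dummy_tls_connection_set_property` bodies could carry the same explanatory comments that the certificate versions already have.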
/* GIO - GLib Input, Output and Streaming Library
*
* Copyright (C) 2010 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General
* Public License along with this library; if not, write to the
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
* Boston, MA 02111-1307, USA.
*/
#ifndef __G_DUMMY_TLS_BACKEND_H__
#define __G_DUMMY_TLS_BACKEND_H__
#include <gio/giotypes.h>
G_BEGIN_DECLS
#define G_TYPE_DUMMY_TLS_BACKEND (_g_dummy_tls_backend_get_type ())
#define G_DUMMY_TLS_BACKEND(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), G_TYPE_DUMMY_TLS_BACKEND, GDummyTlsBackend))
#define G_DUMMY_TLS_BACKEND_CLASS(k) (G_TYPE_CHECK_CLASS_CAST((k), G_TYPE_DUMMY_TLS_BACKEND, GDummyTlsBackendClass))
#define G_IS_DUMMY_TLS_BACKEND(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), G_TYPE_DUMMY_TLS_BACKEND))
#define G_IS_DUMMY_TLS_BACKEND_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), G_TYPE_DUMMY_TLS_BACKEND))
#define G_DUMMY_TLS_BACKEND_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), G_TYPE_DUMMY_TLS_BACKEND, GDummyTlsBackendClass))
typedef struct _GDummyTlsBackend GDummyTlsBackend;
typedef struct _GDummyTlsBackendClass GDummyTlsBackendClass;
struct _GDummyTlsBackendClass {
GObjectClass parent_class;
};
GType _g_dummy_tls_backend_get_type (void);
G_END_DECLS
#endif /* __G_DUMMY_TLS_BACKEND_H__ */
......@@ -27,3 +27,5 @@ INT:OBJECT
VOID:INT64
VOID:UINT64
BOOLEAN:FLAGS
BOOLEAN:OBJECT,FLAGS
OBJECT:VOID
......@@ -120,6 +120,11 @@
#include <gio/gtcpwrapperconnection.h>
#include <gio/gthemedicon.h>
#include <gio/gthreadedsocketservice.h>
#include <gio/gtlsbackend.h>
#include <gio/gtlscertificate.h>
#include <gio/gtlsclientconnection.h>
#include <gio/gtlsconnection.h>
#include <gio/gtlsserverconnection.h>
#include <gio/gvfs.h>
#include <gio/gvolume.h>
#include <gio/gvolumemonitor.h>
......
......@@ -1067,6 +1067,9 @@ g_dbus_signal_flags_get_type G_GNUC_CONST
g_dbus_send_message_flags_get_type G_GNUC_CONST
g_credentials_type_get_type G_GNUC_CONST
g_dbus_message_byte_order_get_type G_GNUC_CONST
g_tls_authentication_mode_get_type G_GNUC_CONST
g_tls_certificate_flags_get_type G_GNUC_CONST
g_tls_rehandshake_mode_get_type G_GNUC_CONST
#endif
#endif
......@@ -1371,6 +1374,7 @@ g_socket_control_message_serialize
#if IN_HEADER(__G_SOCKET_CLIENT_H__)
#if IN_FILE(__G_SOCKET_CLIENT_C__)
g_socket_client_get_type G_GNUC_CONST
g_socket_client_add_application_proxy
g_socket_client_connect
g_socket_client_connect_async
g_socket_client_connect_finish
......@@ -1383,20 +1387,23 @@ g_socket_client_connect_to_service_finish
g_socket_client_connect_to_uri
g_socket_client_connect_to_uri_async
g_socket_client_connect_to_uri_finish
g_socket_client_get_enable_proxy
g_socket_client_get_family
g_socket_client_get_local_address
g_socket_client_get_protocol
g_socket_client_get_socket_type
g_socket_client_get_timeout
g_socket_client_get_enable_proxy
g_socket_client_get_tls
g_socket_client_get_tls_validation_flags
g_socket_client_new
g_socket_client_set_enable_proxy
g_socket_client_set_family
g_socket_client_set_local_address
g_socket_client_set_protocol
g_socket_client_set_socket_type
g_socket_client_set_timeout
g_socket_client_set_enable_proxy
g_socket_client_add_application_proxy
g_socket_client_set_tls
g_socket_client_set_tls_validation_flags
#endif
#endif
......@@ -2002,3 +2009,67 @@ g_tcp_wrapper_connection_get_base_io_stream
g_tcp_wrapper_connection_new
#endif
#endif
#if IN_HEADER(__G_TLS_BACKEND_H__)
#if IN_FILE(__G_TLS_BACKEND_C__)
g_tls_backend_get_certificate_type
g_tls_backend_get_client_connection_type
g_tls_backend_get_default
g_tls_backend_get_server_connection_type
g_tls_backend_get_type G_GNUC_CONST
g_tls_backend_supports_tls
g_tls_error_get_type G_GNUC_CONST
g_tls_error_quark
#endif
#endif
#if IN_HEADER(__G_TLS_CERTIFICATE_H__)
#if IN_FILE(__G_TLS_CERTIFICATE_C__)
g_tls_certificate_get_issuer
g_tls_certificate_get_type G_GNUC_CONST
g_tls_certificate_list_new_from_file
g_tls_certificate_new_from_file
g_tls_certificate_new_from_files
g_tls_certificate_new_from_pem
#endif
#endif
#if IN_HEADER(__G_TLS_CONNECTION_H__)
#if IN_FILE(__G_TLS_CONNECTION_C__)
g_tls_connection_emit_accept_certificate
g_tls_connection_emit_need_certificate
g_tls_connection_get_certificate
g_tls_connection_get_peer_certificate
g_tls_connection_get_rehandshake_mode
g_tls_connection_get_require_close_notify
g_tls_connection_get_type G_GNUC_CONST
g_tls_connection_handshake
g_tls_connection_handshake_async
g_tls_connection_handshake_finish
g_tls_connection_set_certificate
g_tls_connection_set_peer_certificate
g_tls_connection_set_rehandshake_mode
g_tls_connection_set_require_close_notify
#endif
#endif
#if IN_HEADER(__G_TLS_CLIENT_CONNECTION_H__)
#if IN_FILE(__G_TLS_CLIENT_CONNECTION_C__)
g_tls_client_connection_get_accepted_cas
g_tls_client_connection_get_server_identity
g_tls_client_connection_get_type G_GNUC_CONST
g_tls_client_connection_get_use_ssl3
g_tls_client_connection_get_validation_flags
g_tls_client_connection_new
g_tls_client_connection_set_server_identity
g_tls_client_connection_set_use_ssl3
g_tls_client_connection_set_validation_flags
#endif
#endif
#if IN_HEADER(__G_TLS_SERVER_CONNECTION_H__)
#if IN_FILE(__G_TLS_SERVER_CONNECTION_C__)
g_tls_server_connection_get_type G_GNUC_CONST
g_tls_server_connection_new
#endif
#endif
......@@ -1249,6 +1249,106 @@ typedef enum
G_APPLICATION_SEND_ENVIRONMENT = (1 << 4)
} GApplicationFlags;
/**
* GTlsError:
* @G_TLS_ERROR_MISC: Miscellaneous TLS error
* @G_TLS_ERROR_BAD_CERTIFICATE: A certificate could not be parsed
* @G_TLS_ERROR_NOT_TLS: The TLS handshake failed because the
* peer does not seem to be a TLS server.
* @G_TLS_ERROR_HANDSHAKE: The TLS handshake failed because the
* peer's certificate was not acceptable.
* @G_TLS_ERROR_CERTIFICATE_REQUIRED: The TLS handshake failed because
* the server requested a client-side certificate, but none was
* provided. See #GTlsConnection::need-certificate.
* @G_TLS_ERROR_EOF: The TLS connection was closed without proper
* notice, which may indicate an attack. See
* g_tls_connection_set_require_close_notify().
*
* An error code used with %G_TLS_ERROR in a #GError returned from a
* TLS-related routine.
*
* Since: 2.28
*/
typedef enum {
G_TLS_ERROR_MISC,
G_TLS_ERROR_BAD_CERTIFICATE,
G_TLS_ERROR_NOT_TLS,
G_TLS_ERROR_HANDSHAKE,
G_TLS_ERROR_CERTIFICATE_REQUIRED,
G_TLS_ERROR_EOF
} GTlsError;
/**
* GTlsCertificateFlags:
* @G_TLS_CERTIFICATE_UNKNOWN_CA: The signing certificate authority is
* not known.
* @G_TLS_CERTIFICATE_BAD_IDENTITY: The certificate does not match the
* expected identity of the site that it was retrieved from.
* @G_TLS_CERTIFICATE_NOT_ACTIVATED: The certificate's activation time
* is still in the future
* @G_TLS_CERTIFICATE_EXPIRED: The certificate has expired
* @G_TLS_CERTIFICATE_REVOKED: The certificate has been revoked
* according to the #GTlsContext's certificate revocation list.
* @G_TLS_CERTIFICATE_INSECURE: The certificate's algorithm is
* considered insecure.
* @G_TLS_CERTIFICATE_GENERIC_ERROR: Some other error occurred validating
* the certificate
* @G_TLS_CERTIFICATE_VALIDATE_ALL: the combination of all of the above
* flags
*
* A set of flags describing TLS certification validation. This can be
* used to set which validation steps to perform (eg, with
* g_tls_client_connection_set_validation_flags()), or to describe why
* a particular certificate was rejected (eg, in
* #GTlsConnection::accept-certificate).
*
* Since: 2.28
*/
typedef enum {
G_TLS_CERTIFICATE_UNKNOWN_CA = (1 << 0),
G_TLS_CERTIFICATE_BAD_IDENTITY = (1 << 1),
G_TLS_CERTIFICATE_NOT_ACTIVATED = (1 << 2),
G_TLS_CERTIFICATE_EXPIRED = (1 << 3),
G_TLS_CERTIFICATE_REVOKED = (1 << 4),
G_TLS_CERTIFICATE_INSECURE = (1 << 5),
G_TLS_CERTIFICATE_GENERIC_ERROR = (1 << 6),
G_TLS_CERTIFICATE_VALIDATE_ALL = 0x007f
} GTlsCertificateFlags;
/**
* GTlsAuthenticationMode:
* @G_TLS_AUTHENTICATION_NONE: client authentication not required
* @G_TLS_AUTHENTICATION_REQUESTED: client authentication is requested
* @G_TLS_AUTHENTICATION_REQUIRED: client authentication is required
*
* The client authentication mode for a #GTlsServerConnection.
*
* Since: 2.28
*/
typedef enum {
G_TLS_AUTHENTICATION_NONE,
G_TLS_AUTHENTICATION_REQUESTED,
G_TLS_AUTHENTICATION_REQUIRED
} GTlsAuthenticationMode;
/**
* GTlsRehandshakeMode:
* @G_TLS_REHANDSHAKE_NEVER: Never allow rehandshaking
* @G_TLS_REHANDSHAKE_SAFELY: Allow safe rehandshaking only